Brian Godette noticed on spamassassin-users that kerrypicksedwards.com showed up on ob.surbl.org last week. That started a fairly long thread, to which I responded below.
From: Jeff Chan
To: spamassassin-users
Date: Saturday, July 17, 2004, 11:22:23 PM
Subject: ob.surbl.org FP
OK here are some of my responses to the themes in this thread:
1. I've whitelisted: kerrypicksedwards.com, johnkerry.com, Bush's site and some other candidate sites. (By whitelisting I mean preventing these domains from getting onto SURBLs. There is no whitening or score improvement of your incoming messages with the SURBL whitelists.)
2. Some people seem more comfortable sending non-commercial spam out. It's still spam, but in their religious or political fervor they think they're justified, which of course they are not. And any site that has unconfirmed opt-in is just begging for this kind of abuse by zealots (and opponents) also.
3. Justin is right that it's important to keep domains of sites that might get mentioned in legitimate messages (ham) out of SURBLs, otherwise false positives are possible. In this sense CAN-SPAM is irrelevant since any partially whitehat sites need to not get listed. In this sense the standards for inclusion in SURBLs need to be higher than sender IP or domain RBLs. Blocking messages based on URIs has potentially much larger effect on mail in general than blocking a specific zombie or rogue mail server. The focus of SURBLs therefore should be on the hard core professional criminal spammers' domains first.
4. The Outblaze data is based on their spam traps, so they *are* getting spam from these when they should not (for example outside the U.S.). The whitelists take precedence over any input data feeds like Outblaze, so they will prevent list inclusion.
5. Outblaze has another interesting idea in that only domains less than 90 days old are listed. The idea is that spammers burn through domains quickly so the really recently registered ones are more likely to be spammers'. This is only for domains that actually get delivered into their spam traps, and it's probably a good idea.
6. Outblaze may do some additional processing before we get their data, but in general it appears to be quite good. We iterated a bit by sharing whitelist hits, etc. so we could focus their feed on the most often spamming URI domains. So it may take more than a single trap hit to get onto their list, and in addition to the 90 day newness of registration factor, their data seems quite good in general.
Jeff C.
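
Added example, not part of the original message and not SURBL or Outblaze code: a sketch of the inclusion rules from points 4 to 6, with the whitelist checked before any feed data, then a trap-hit threshold and the 90-day registration-age cutoff. The function names, the threshold of two hits, the .test domains and all registration dates are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta

WHITELIST = {"kerrypicksedwards.com", "johnkerry.com"}  # two domains named in point 1
MAX_AGE_DAYS = 90   # point 5: only domains less than 90 days old are listed
MIN_TRAP_HITS = 2   # assumed value; point 6 only says one hit may not be enough

def normalize(domain):
    """Lowercase and drop a trailing dot so set lookups compare like with like."""
    return domain.strip().lower().rstrip(".")

def build_list(trap_hits, registered_on, today, whitelist=WHITELIST):
    """Return (listed, skipped); skipped maps each rejected domain to a reason.

    trap_hits: URI domains extracted from spam-trap messages (one per hit)
    registered_on: domain -> registration date (hypothetical lookup result)
    """
    wl = {normalize(d) for d in whitelist}
    counts = Counter(normalize(d) for d in trap_hits)
    listed, skipped = [], {}
    for domain, hits in sorted(counts.items()):
        reg = registered_on.get(domain)
        if domain in wl:
            skipped[domain] = "whitelisted"  # tested first: overrides the feed
        elif hits < MIN_TRAP_HITS:
            skipped[domain] = "too few trap hits"
        elif reg is None:
            skipped[domain] = "registration date unknown"
        elif (today - reg).days >= MAX_AGE_DAYS:
            skipped[domain] = "registered 90+ days ago"
        else:
            listed.append(domain)
    return listed, skipped

# Constructed sample input; hit counts and registration dates are not real data.
TODAY = date(2004, 7, 17)
HITS = ["KerryPicksEdwards.com"] * 3 + ["pills-example.test"] * 2 \
     + ["old-shop-example.test"] * 2 + ["once-example.test"]
REGISTERED = {
    "kerrypicksedwards.com": TODAY - timedelta(days=10),
    "pills-example.test": TODAY - timedelta(days=5),
    "old-shop-example.test": TODAY - timedelta(days=400),
    "once-example.test": TODAY - timedelta(days=3),
}

if __name__ == "__main__":
    listed, skipped = build_list(HITS, REGISTERED, TODAY)
    print("listed:", listed)
    for name, why in skipped.items():
        print("skipped:", name, "-", why)
```

The whitelisted domain has the most trap hits and a recent registration date in the sample, yet it is rejected before either of those checks runs.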